Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2330

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2008-2330
Last Modified 07 Mar 2011 10:09:01
Published 16 Sep 2008 07:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2330

Summary

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

Vulnerable Systems

Operating System

  • Apple Mac Os X Server 10.4.11

  • Apple Mac Os X Server 10.5

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2

  • Apple Mac Os X Server 10.5.3

  • Apple Mac Os X Server 10.5.4


References

CERT - TA08-260A

BID - 31189

APPLE - APPLE-SA-2008-09-15

XF - macos-slapconfig-information-disclosure(45164)

VUPEN - ADV-2008-2584

SECTRACK - 1020874

SECUNIA - 31882

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:47:50